Software-defined everything (SDE) -- the use of software to provision and manage pretty much all IT infrastructure -- is poised to make outsourcing much easier for some customers and for some workloads.

By speeding and automating IT management, SDE can reduce the need for manual IT work and thus the value of outsourcing deals based only on lower offshore labor rates. By making it easier to scale infrastructure up or down, SDE makes it easier to buy services "by the drink" from cloud providers and to run some workloads internally to create hybrid clouds. As a result, cloud providers such as Amazon Web Services (AWS) and Microsoft Azure are becoming alternatives to conventional outsourcers.

But to gain this flexibility, enterprises need new tools to manage their software-defined environments, the skills to decide where to run which workloads and new cross-functional teams to manage their software-defined infrastructures.

SDE impact

SDE revolves around software that defines, provisions and manages servers, storage, networks and security. Rather than requiring admins to write commands or click on a screen, SDE performs these functions more quickly and consistently (and often automatically) through software. This reduces the cost of IT operations, allows enterprises to tweak their IT environments more quickly to meet changing needs and enhances performance and security.

Ten years ago, "a lot of customers were really hot and heavy into outsourcing labor-intensive operations, such as load management, resource provisioning or overall system management and troubleshooting," says David Angradi, director of software-defined data center solutions for service provider Logicalis US. "What a lot of them eventually found was...they weren't really driving any additional efficiency or agility," he says.

By contrast, SDE "allows enterprises to take advantage of in-house or outsourced resources, scaled and priced" at a set level, says Robert Stroud, a principal analyst at Forrester Research.

By allowing enterprises to automate functions that had often been outsourced, SDE and the use of cloud erode the traditional core business of offshore providers, says Bill Huber, managing director at sourcing consultancy Alsbridge Inc. As a result, he says, many outsourcers are increasingly focusing on areas such as cloud migration, integration and augmentation as well as services tailored to a customer's vertical market or other specific needs.

They are also offering more contracts based not on the number of employees the outsourcer provides but rather on the benefits the customer receives, says Huber. Finally, many are developing software that uses artificial intelligence to more effectively manage infrastructure.

On the storage front, the flexibility of SDE allows customers to keep sensitive data on their own premises while turning routine management over to an outsourcer. Such on-premises storage now accounts for 35% of revenue at storage-as-a-service vendor Zadara Storage. Among the customers are law enforcement agencies storing sensitive video from body cameras on site and paying Zadara to manage it rather than hiring internal staff, says Zadara Storage COO Noam Shendar.

Different customers will move to SDE at different paces and in different ways. Rafi Khan, a former CIO who is now a consultant, is evaluating SD-WAN (software-defined wide-area networks) to more quickly provision links for services such as voice, software-as-a-service and email. Rather than waiting months for a broadband vendor to do the work, he says, with SD-WAN integrated with LTE wireless broadband, he can provision an office or site in one day.

Yugal Joshi, practice director at outsourcing consultancy Everest Group, expects most organizations to turn to service providers for help adopting SDE internally rather than use outsourced environments.
Rafi Khan, a former CIO who is now a consultant, says "hyperconverged" compute, storage and networking appliances, which provide features such as backup and advanced data protection at lower cost than traditional data centers, could encourage in-house deployment of SDE rather than through outsourcers.

The U.S. General Services Administration (GSA) created its own software-defined business services platform that is being used by 50 software developers, says CIO David Shive. SDE provides stronger control over the security, costs and implementation of applications, he says, reducing development time, giving the security staff more insight into the environments they protect and limiting the number of configurations the operations staff must manage.

Best workloads

Applications that can benefit most from the automation and speed of SDE are those that are less customized and more virtualized -- in other words, less dependent on a specific hardware platform -- with frequent changes in resource demands.

Marc Fleischmann, co-founder and CEO of storage software vendor Datera, cited applications such as "order processing when you have multiple sales or marketing pushes through the year, or if you're testing a bunch of different ideas to see which ones work best." SDE "means these workloads can scale up and down, move from on-site to the cloud, or around the world, dynamically and constantly."

Application environments built as microservices -- each providing a function such as security or user log-in -- rather than as conventional applications will be easier to move to new hosting locations such as the cloud. The reason for this flexibility: They lack the "spaghetti" of dependencies on specific application platforms and hardware, says Derek Yoo, CTO and co-founder of Fuze, a global voice, video and collaboration vendor.

Another good candidate is DevOps. As the GSA found, rather than wait for IT to configure new hardware for a rush project, SDE defines a "known good configuration" that internal or external developers must use for development and testing, says Chris Riley, an industry analyst specializing in DevOps (the practice of combining development and operations to speed new applications to market).

Whether the storage leg of the infrastructure stool can be software-defined depends on the application, says Forrester's Stroud. Applications that require highly complex, relational databases might not scale as easily into an SDE environment, he says, although he expects this to improve in the future.

Management and security

Managing a software-defined infrastructure may require new tools that can see, and manage, workloads across public, private and hybrid clouds.

Logicalis's Angradi says there are many suites of fully integrated products that customers can quickly tap. These include, he says, tools from ServiceNow as well as VMware's vRealize Suite, HP Enterprise's cloud and automation suite and the Cisco One Enterprise Cloud Suite.

The real challenge is making staffs that are now responsible for different areas such as network infrastructure and applications work together to keep vital services running, he says. Their attitude must be "I'm not an IT person any more, I'm not a development person anymore -- I'm delivering services," says Angradi.

Beyond compute, storage and networks, the fourth IT component in SDE is security. This is already a major concern for customers considering a move to the cloud, but poses new challenges in a hybrid, fast-changing, software-defined environment.

When applications are hosted in the cloud for easy access by partners and customers as well as employees, "the notion of a traditional perimeter like a firewall or VPN gateway no longer makes sense," says Junaid Islam, co-chair of the Cloud Security Alliance, Software Defined Perimeter Working Group. An emerging concept called software-defined perimeter (SDP) seeks to meet this challenge by allowing customers to specify, for example, that a specific person is a contractor and needs to access three applications, and configure network connections in real time that provide only those users access to only the appropriate systems, databases and network segments, he says.

Assuring security in a software-defined environment requires higher levels of coordination between a customer and service provider, says Michael Hayes, manager of infrastructure and operations for Deloitte Managed Analytics, which uses private cloud providers to host SaaS analytic applications.

"It's critical to understand" which security functions are the responsibility of the data center provider at the level of the servers, network and storage, and which are the responsibility of a customer at the level of the applications and data they are hosting in the cloud, he says. Using software-defined networks, says Stroud, organizations can also "use micro-segmentation to differentiate applications and potentially encrypt data."

Getting started

An inventory of your current infrastructure, and the tools you use to manage it, is an essential first step towards implementing SDE.

Many organizations get a return on their inventory assessment simply by finding IT assets they can dispose of or avoid buying altogether, says Angradi. Inventories also improve security and performance by identifying unknown systems that need to be patched and which servers are most at risk, he says. Executive backing for SDE is essential, says Angradi, both to understand the high-level business needs and to drive the required organizational changes.

Whatever the challenges, Angradi says moving towards SDE is essential because existing models of IT, and outsourcing, "cannot respond fast enough in this new world." If enterprises don't use SDE to become less expensive and more agile, he says, new players such as Amazon will "put your IT [group] out of business."

Robert Scheier is a freelance writer in Boylston, Mass. Contact him at rscheier@charter.net.